Private Parts?

Submitted by Kate Sheehan on July 23, 2008 - 11:30am

2008 has been my introduction to ALA’s conferences. Philadelphia, PA was my first mid-winter, Anaheim (“it’s a dry heat”), CA my first annual. The size of the conference made for difficult decisions, including pitting LITA’s “Top Tech Trends” against OIF’s “Privacy: Is it Time for a Revolution?” I chose celebrity over friendship and went to gawk at Cory Doctorow.

Once there, I cheerfully sat at the blogger’s table, not realizing it was an “official” position and not just a table with a power strip (thanks to Jessamyn and Jenny for letting me crash). My front row seat afforded me a close view of the passion the panelists clearly felt for their subject. Dan Roth, senior writer for Wired, Beth Givens, founder and director of the Privacy Rights Clearinghouse and Cory Doctorow, author and Internet celebrity were vibrant and engaging speakers.

Librarians have always been committed to privacy within the context (and walls) of libraries. The global perspective offered by this session confirms my suspicion that library conferences should feature more non-library speakers - and I don’t mean more authors to reminisce about their warm fuzzy feelings for their childhood libraries.

Each speaker offered a barrage of startling and depressing quotes and statistics on the worldwide state of privacy today. The situation is bleak. As any librarian knows, most people don’t think about privacy. We’ve all encountered surprise when we inform a patron that we don’t keep a record of everything they’ve ever checked out or even outrage when we won’t disclose the titles a spouse or child has checked out. We may pride ourselves on our commitment to privacy, but we’re not doing a good job of selling the value of that commitment to our patrons.

Even when we acquiesce to popular demand, it can backfire in unexpected ways. At a former place of work, I happily turned on an OPAC feature that allowed patrons to opt in to save their reading history. Most patrons were thrilled, but many were unhappy that it did not retroactively recreate a list of everything they had ever checked out (which would have been a neat trick, since that data didn’t exist). Many more were displeased that it was data only they could access- it didn’t live in the library side of our ILS, only in the patron’s. “I’m protecting your privacy” doesn’t go over well as an answer to “but why can’t you just look it up for me!?”

Doctorow exhorted librarians to demand just such “zero knowledge solutions” from our vendors. Libraries are in a tough spot. We want to engage our users online, we want to have social features on our websites and we want to offer the best service we can, but we don’t want to be invasive or paternalistic. And for the most part, we have to negotiate with our vendors to meet those needs.

Education (for patrons, vendors and librarians) about these issues is clearly of paramount importance. Dan Roth offered a hopeful analogy to the green movement. Several years ago, when environmental concerns came up, businesses and many consumers didn’t care, but now companies use green to be competitive. Privacy could follow in the environment’s footsteps. Roth also called this time a “golden age” for privacy, since businesses are collecting an appalling amount of data about their customers, but don’t know what to do with it. We may be on the brink, but we can still step away safely.

Should libraries be responsible for that education? Can we push our users to contemplate privacy issues and hold ourselves to a high standard? Beth Givens’s Privacy Rights Clearinghouse, offers resources for educating consumers and helping them manage their privacy, all easy enough to pass along to patrons. However, Doctorow proclaimed that “libraries have a moral duty to boycott technologies that invade their patron’s privacy” but he also pointed out that libraries are the last bastions of DRM materials that are very invasive. Should we drop anything with DRM attached?

This type of dilemma isn’t new for libraries. When Open Office came along, some libraries were able to switch all of their public terminals to Open Office and drop at least a few Microsoft products. For other libraries, that wasn’t realistic. How can we as individual organizations and as an industry balance our user’s needs and desires with our own obligations to ideals like intellectual freedom and privacy?

The suggestions offered by the panel ranged from the soft sell: online games that reward privacy rather than demand information, to the startling: a robot that grabs unencrypted passwords as they’re transmitted on a network, rolls up to the owner of those passwords and shows them everything they’ve unintentionally revealed.

Libraries have an obvious self-interest in educating their users about these issues. We are one of the few organizations in people’s lives that adhere to a standard for privacy. If we want to be seen as ahead of the curve rather than hopelessly behind it, informed users are the path to an improved image.

Our patrons have a vested interest here too (as do we as individuals). Roth pointed out that companies collect far less information from their European and Canadian customers because the EU and Canada have strong privacy laws. It would be more cost-effective to treat American customers in the same way, but companies go out of their way to collect more information about U.S. customers. There’s clearly a benefit to corporations but what is the benefit to the citizenry?

Libraries have given up a lot to protect privacy. As we start to offer things like reading histories and as we engage our users online and off, we are learning to use the data we have access to in careful, considered ways. All of that work will be meaningless in a larger social milieu that doesn’t value privacy.

The panelists exhorted librarians to lead the charge in the privacy wars; not just in our own institutions. Should we heed their call?